BC & DR

Question 1

What does BCP deal with?

Answer 1

Keeping business operations running

Question 2

What does DRP deal with?

Answer 2

Restoring normal business operations after the disaster tales place

Question 3

What are three common elements between BCP and DRP?

Answer 3

• Identification of critical business functions
• Identification of disaster scenarios
• Experts

Question 4

What two assessments are commonly used to identify critical business functions?

Answer 4

• Business Impact Assessment

- Vulnerability Assessment

Question 5

What two elements are commonly used to rank possible disaster scenarios?

Answer 5

Probability and Impact

Question 6

What term is used to describe the blending of BCP and DRP into a single mission?

Answer 6

COOP (Continuity of Business Operations)

Question 7

What are 3 important elements of a BCP project?

Answer 7

• Senior Management Support
• Senior Management Involvement
• Project Team Membership

Question 8

A BCP project generally consists of which 4 components?

Answer 8

• scope determination
• BIA
• BCP
• Implementation

Question 9

What is the term used to describe a project scope when it grows beyond the original intent?

Answer 9

Scope Creep

Question 10

What type of assessment would you carry out determine which business functions are more resillient and which are more fragile?

Answer 10

Business Impact Assessment

Question 11

How are the effects of an impact generally categorised?

Answer 11

Quantitative and Qualitative

Question 12

What 5 tasks need to be performed well as part if a Business Impact Assessment?

Answer 12

1. Perform a Vulnerability Assessment
2. Carry out a criticality assessment
3. Determine the maximum tolerable downtime
4. Establish recovery targets
5. Determine resource requirements

Question 13

What is a criticality assessment?

Answer 13

Determines how critically important a particular business function is to the ongoing viability of the organisation.

Question 14

What type of assessment determines the impact, both quantitative and qualitative - of the loss of a critical business function?

Answer 14

Vulnerability Assessment

Question 15

Which type of assessment should identify critical support areas?

Answer 15

vulnerability assessment

Question 16

What are the steps in a criticality assessment?

Answer 16

1. Inventory all high level business functions and rank them in order of criticality
2. Describe the impact of a disruption to each function on overall business operations.
3. Estimate the duration of a disaster event
4. Consider the impact of a disruption based on the length of time that a disaster impairs critical business functions.

Question 17

What does MTD stand for in relation to BCP?

Answer 17

Maximum Tolerable Downtime

Question 18

What are the two objectives when assessing recovery targets?

Answer 18

Recovery Time Objective

Recovery Point Objective

Question 19

What term is used to describe the maximum period of time in which a business process must be restored after a disaster?

Answer 19

Recovery Time Objective

Question 20

What term is used to describe the maximum period of time in which data might be lost if a disaster strikes?

Answer 20

Recovery Point Objective

Question 21

4 typical resource requirements are:

Answer 21

• IT Systems and application
• Key personnel
• Business equipment
• Supplier and Partners

Question 22

What is the businesses highest priority in the event of a disaster?

Answer 22

Personnel safety

Question 23

What is the difference between an incremental and differential backup?

Answer 23

Differential takes a backup of changed files only since last full backup. Incremental takes a backup of changed files only whether it be since last full backup or last incremental backup

Question 24

What 3 things should be considered when scheduling a data backup plan?

Answer 24

• time taken to perform backups
• time taken to restore backups
• procedures for restoring data

Question 25

name 4 types of data backup

Answer 25

• Magnetic tape
• Virtual Tape Library
• Site replication
• Remote backup (internet)

Question 26

What type of agreement involves a software vendor sending a copy of its software code to a third party in the event of a disaster

Answer 26

Software escrow agreement

Question 27

What are two ways of providing power during prolonged power outages?

Answer 27

UPS (Uninterrupted power supply)

Emergency electric generator

Question 28

What is another benefit of a UPS asides from continued power supply?

Answer 28

Controlled Shutdown

Question 29

What are the 5 common types of data sites?

Answer 29

Cold Site
Warm Site
Hot Site
Reciprocal Site
Multi-site

Question 30

What is a cold site in relation to a DC?

Answer 30

Empty computer room with basic environmental facilities, ie UP, heating, ventilation, etc.

Question 31

What is a warm site in relation to a DC?

Answer 31

A cold site with computers and communication links in place, but applications and business data must still be loaded

Question 32

What is a hot site in relation to a DC?

Answer 32

Second live site mirroring the primary

Question 33

What is a reciprocal site in relation to a DC?

Answer 33

agreement in place with third party that pledges availability of their DC in the event of a disaster

Question 34

What is a multi site in relation to a DC?

Answer 34

Multiple sites used to run daily operations. site is also staffed

Question 35

Which type of site provides the most rapid recovery in the event of a disaster but is also the most costly to maintain? Hot, Warm or Cold?

Answer 35

Hot

Question 36

All employees in the organisation must know about the business continuity plan. True or False?

Answer 36

True

Question 37

The salvage team is concerned with restoring full functionality to a damaged facility. What are generally the 4 steps to achieving this?

Answer 37

1. Damage assessment.
2. Salvage assets
3. Cleaning
4. Restoring facility to operational readiness

Question 38

A recovery test that includes loading data onto recovery systems without taking the production systems down is otherwise known as:

Answer 38

a parallel test

Question 39

What are the 5 basic functions that should be available after a failover (custover) test?

Answer 39

• User Access
• Administrative Access
• Support
• Integrations to other applications
• Reporting

Question 40

What is the first step before starting a Business Continuity Plan?

Answer 40

Gaining senior management support

Question 41

How can financial risk be calculated in relation to Business Continuity?

Answer 41

P * M = C

Probability of harm * Magnitude of harm = Cost of Prevention

Question 42

Title IX of the “The Implementing The 9/11 Commission Reconsiderations Act of 2007” addresses what?

Answer 42

private sector organisations validate their readiness to recover by comparing their programs against an unnamed standard. NFPA 1600 recommended as the standard to be used.

Question 43

What os the British Standard for having a Business Continuity Plan?

Answer 43

BS25999

Question 44

What is the FFIEC BCP Booklet?

Answer 44

Federal Financial Institutions Examination Council

Question 45

Do FFIEC state that a business should be aware of the BCP plans of its third party providers?

Answer 45

Yes

Question 46

What is the US FInancial Integrity Regulatory Authority Rule 4370 (FINRA)

Answer 46

defines a minimum standard for BCP

Question 47

What are additioinal regulations on Financial Frms in relation to BCP?

Answer 47

National Association of Insurance Commissioners (NAIC)
National Futures Associatoin Compliance Rule 2-38
Electronic Funds Transfer Act
Basel committee - for banks regarding BCP
HIPAA - health

Question 48

Which country in the world was the first to introduce a standard and certification program for BCP?

Answer 48

Singapore (Standard for Business COntinuity/Disaster Recovery Service Providers (SS507)

Question 49

What is the Sarbanes Oxley Section 404?

Answer 49

Management assessment of Internal Controls. inlcudes management responsibility for maintaining financial repoting and assessment at end of yer

Question 50

In Sarbanes Oxlet what is PCAOB?

Answer 50

Public Accounting Oversight Board - responsible for BCP

Question 51

What is mobile site?

Answer 51

dc of anorganisation in a mobile trailer

Question 52

Event impacts should be categorised as following?

Answer 52

Non-incident
Incident
Severe incident